Industrial Cyber Security
The smart factory model is complex and involves many different components. The following chapter focuses on the cybersecurity challenge of a smart factory, and more specifically on the components that can communicate with an external system. Hence, we will focus on the CPS components (sensors, actuators, network, cyber system, and HMIs for employees and customers).
Industrial Risks
The advent of smart factories has resulted in millions of new potential uses for consumers and businesses. But with these new uses come risks that are more pronounced in the era of Industry 4.0. It is important to understand that a smart factory is just another channel of attack for hackers. Although there are many different types of hackers, they all share a common goal: extracting something of value from the targeted company, organization or entity. The value extracted by an attack depends on the type of hacker that performed it. Therefore, smart factories should be considered a risk by companies and organizations. A smart factory is built to produce goods that will then be sold to consumers. As long as it works correctly, it brings value to the company. However, a rogue smart factory can impact a company in three ways.
First, in case of an incident, media coverage and consumer awareness immediately shatter the brand image. By incident, we mean a disaster (explosion, natural event), a leakage of Personally Identifiable Information (PII), or the unavailability of a part of the whole system. This impact is measured as a decline in the trust perceived by consumers and shareholders, which ultimately causes the company to lose money.
Second, most companies are very keen on protecting their most valuable intellectual assets. However, they use those intellectual assets to create a product or a set of products. Blueprints, industrial secrets, and the production process will all be uploaded to smart factories, and whoever has access to the smart factory can have access to those protected files. Theft of one of those intellectual assets will cause the company to lose its competitive advantage and severely harm its development for the upcoming years.
Finally, by leaking PII or presenting obvious security failures, a smart factory could be treated as evidence by the court, causing the company to be prosecuted, to pay a fine, and potentially to stop its activities.
Threat Landscape
Now that we understand the negative impact a security breach can have on a smart factory, it is important to determine who would try to penetrate or disrupt a smart factory, why, and with what means. We have defined three hacker personas with different sets of motivations, skills, and tools.
The first hacker persona is the “Hacktivist”. Hacktivists are driven by political or social convictions, and they usually hack a system to get a message across. They are often decentralized and use unsophisticated means of attack, although they sometimes band together to form hacktivist movements such as “Anonymous”, in which case they become much more dangerous and organized.
The second hacker persona is the “CyberCrime Gang”. These gangs are far more organized than hacktivists, and their attacks are more sophisticated. They are motivated by money. They would try to breach a smart factory to get sensitive information (blueprints of new products, lists of buyers), to infect the smart factory with ransomware, or to use the smart factory as a botnet to attack more lucrative targets.
The third persona is the “Nation-State Attacker”. It is not uncommon for a country to have a cyber-center and perform cyber-espionage in order to gather intelligence on another country. If a country has to or wants to attack a target, its attack would be extremely sophisticated, combining all the tools available on the market. Nation-state attackers are often after political and/or economic intelligence.
The fourth persona is “Terrorist Groups”. They will only go after factories where an attack can cause damage through explosion, or facilities that can give them an edge in their war. They have stated their desire to build and use weapons of mass destruction. These groups have, in the past, sought to acquire nuclear materials and even actively surveilled a senior nuclear scientist who had access to sensitive areas of a Belgian nuclear research facility. Although such groups are not currently believed to possess a sophisticated cyber capability, their desire to obtain nuclear materials could lead them to develop or hire the skills necessary to do so. This makes the need to improve cybersecurity at nuclear facilities all the more urgent.
Type | Motivation | Attack type | Level of risk |
Hacktivist | Political | Simple DDoS & Application Layer Attacks | Low |
CyberCrime Gangs | Money | Ransomware, Application Layer Attack, Malware | Medium-high |
Nation-State Attackers | Political and Economic | Sophisticated Application Layer Attack, Large Scale DDoS Attack, Phishing, Social Engineering | High |
Terrorist Groups | Political | Increasingly sophisticated attack types (DDoS/Ransomware/Application Layer Attack) | Medium-high |